Dramatic growth in mobile, BYOD (bring your own device) and disruptive technologies such as IoT (internet of things) are placing increased demands on cyber security. In response, technologies for mobile identity and authentication are gaining traction. A noteworthy market indicator is the new FIDO Alliance (Fast IDentity Online) and its U2F (Universal Second Factor) and UAF (Universal Authentication Framework) standards for identity and authentication.
Current hardware-based identity and authentication solutions provide virtually no support for mobile device platforms. USB solutions, while mature for consumers and enterprises using desktops and laptops, are not generally applicable to mobile devices. NFC and Bluetooth hardware are not universally supported within the mobile ecosystem and present new threat vectors. Current mobile implementations generally rely on software-only or hybrid solutions that incorporate on-device biometric sensors and/or on-device “secure enclaves”, but may be susceptible to complex threat vectors and generally require provisioning on a per-user/per-device basis. A removable hardware solution that can be used across mobile devices and platforms with a common user experience is desirable for strong identity and authentication use cases.
There are numerous ways to connect an external hardware device to a smart mobile device. There are USB connectors (or more specifically, mini- or micro-USB), vendor-specific connectors (such as the proprietary and royalty-encumbered Apple Lightning connector), and numerous RF-based channels—Bluetooth, Bluetooth LE (low energy), Wi-Fi, and more recently NFC (near field communications). Unfortunately, interface standardization and specification adherence in the marketplace across device platforms is lacking. Some models of mobile device allow you to draw power from their USB connector, some do not. Some mobile devices may implement Bluetooth or NFC, while others may not implement any wireless communications standards. This makes it very difficult to manufacture one device that will consistently work across multiple product lines from multiple vendors.
One interface, often overlooked and common to just about all mobile device platforms (and certainly most consumer-oriented computing platforms), is the audio jack—designed for headphones and other audio devices. Low-power peripheral devices have begun to exploit the potential for waveforms sent from an audio jack to provide power and communications, such as various commercially-available external credit card reader devices; and a group of researchers from the University of Michigan investigated the general applicability of energy harvesting and digital communications from an audio port. See Sheng K Y, Sonal V, Thomas S, Prabal D. Hijacking Power and Bandwidth from the Mobile Phone's Audio Interface. London: ACM DEV '10; Dec. 17-18, 2010 (The disclosure of which is hereby incorporated by reference.). As energy available from an audio signal is relatively low, attempts to utilize an audio signal as a means for powering a cryptographic system and process have not traditionally been explored due to the technical challenges and the lack of sophisticated specifications given the novelty of the audio channel interface for such purposes.